CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31366 – WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability
https://notcve.org/view.php?id=CVE-2024-31366
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. The Post Type Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts. • https://patchstack.com/database/vulnerability/themify-ptb/wordpress-post-type-builder-ptb-plugin-2-0-8-subscriber-arbitrary-post-page-creation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30440 – WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30440
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Themify Themify Event Post permite XSS almacenado. Este problema afecta a Themify Event Post: desde n/a hasta 1.2.7. The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/themify-event-post/wordpress-themify-event-post-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24872 – WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24872
Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Themify Themify Builder. Este problema afecta a Themify Builder: desde n/a hasta 7.0.5. The Themify Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.5. This is due to missing or incorrect nonce validation on the cache_menu() function. • https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51693 – WordPress Themify Icons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51693
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('cross-site Scripting') en Themify Icons permite XSS almacenado. Este problema afecta a Themify Icons: desde n/a hasta 2.0.1. The Themify Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/themify-icons/wordpress-themify-icons-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46145 – WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-46145
Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. La vulnerabilidad de gestión de privilegios incorrecta en Themify Themify Ultra permite la escalada de privilegios. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The themify-ultra theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.5. This makes it possible for low-level attackers with subscriber-level access to elevate their privileges. • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •